package com.neusoft.util;

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.KeySpec;
import java.util.Base64;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

import org.springframework.stereotype.Component;

@Component
public class Encryption {
    public Encryption() {}

    // 生成RSA密钥对
    public KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048); // 使用2048位密钥长度
        return keyPairGenerator.generateKeyPair();
    }

    // 生成AES密钥
    public SecretKey generateAESKey(String password) throws Exception {
    	byte[] salt = new byte[]{
    	        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    	        0x08, 0x09, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15
    	    };
        // 使用PBE（Password-Based Encryption）生成密钥
        KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, 65536, 128); // 128位AES密钥
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        byte[] keyBytes = keyFactory.generateSecret(keySpec).getEncoded();
        return new SecretKeySpec(keyBytes, "AES");
    }

    // 使用AES加密字符串
    public String encryptWithAES(String plainText, SecretKey secretKey, PublicKey publicKey) throws Exception {
        // 使用固定的IV
        byte[] iv = new byte[16];
        IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);

        // 使用AES加密明文
        Cipher aesCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        aesCipher.init(Cipher.ENCRYPT_MODE, secretKey, ivParameterSpec);

        byte[] encryptedText = aesCipher.doFinal(plainText.getBytes("UTF-8"));

        // 使用RSA加密AES密钥
        Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsaCipher.init(Cipher.ENCRYPT_MODE, publicKey);
        // 返回加密后的AES密钥和加密后的AES数据
        return Base64.getEncoder().encodeToString(encryptedText);
    }

    // 使用AES解密字符串
    public String decryptWithAES(String encryptedKeyBase64, String ivBase64, String encryptedTextBase64, PrivateKey privateKey) throws Exception {
        // 解码加密后的AES密钥、IV和加密后的AES数据
        byte[] encryptedKey = Base64.getDecoder().decode(encryptedKeyBase64);
        byte[] iv = Base64.getDecoder().decode(ivBase64);
        byte[] encryptedText = Base64.getDecoder().decode(encryptedTextBase64);

        // 使用RSA解密AES密钥
        Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsaCipher.init(Cipher.DECRYPT_MODE, privateKey);
        SecretKey secretKey = new SecretKeySpec(rsaCipher.doFinal(encryptedKey), "AES");

        // 使用AES解密明文
        Cipher aesCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
        aesCipher.init(Cipher.DECRYPT_MODE, secretKey, ivParameterSpec);

        byte[] decryptedText = aesCipher.doFinal(encryptedText);

        return new String(decryptedText, "UTF-8");
    }
}